Syncope / SYNCOPE-269

AES encryption key defined in source code

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Critical
    • Resolution: Fixed
    • Affects Version/s: 1.0.4, 1.1.0
    • Fix Version/s: 1.0.5, 1.1.0
    • Component/s: core

      Description

      Currently, the encryption key is barely and statically defined in source code [1] for 1_0_X, [2] for trunk.

      This key must be moved to an external properties file (security.properties, for example).

      Nice to have: random generation of this key during 'mvn archetype:generate'.

      For 1_0_X: provide default to current key value [1] when not provided in security.properties.

      [1] http://svn.apache.org/repos/asf/syncope/branches/1_0_X/core/src/main/java/org/apache/syncope/core/persistence/beans/user/SyncopeUser.java
      [2] http://svn.apache.org/repos/asf/syncope/trunk/core/src/main/java/org/apache/syncope/core/util/PasswordEncoder.java
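
One way to implement the change requested above, as an added example that is not Syncope's own code. The class name, the `secretKey` property name, its Base64 encoding and the placeholder default key are assumptions; only the `security.properties` file name comes from the issue.

```java
import java.io.IOException;
import java.io.InputStream;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Base64;
import java.util.Properties;
import javax.crypto.spec.SecretKeySpec;

public class ExternalKeyExample {
    // Placeholder standing in for the legacy built-in key (1_0_X fallback only).
    static final byte[] LEGACY_DEFAULT_KEY = "PLACEHOLDER_KEY_".getBytes(StandardCharsets.UTF_8);
    static final String KEY_PROPERTY = "secretKey"; // assumed name; value is Base64 key bytes

    /** Loads security.properties from the classpath; empty if the file is absent. */
    static Properties loadSecurityProperties() throws IOException {
        Properties props = new Properties();
        try (InputStream in = ExternalKeyExample.class.getResourceAsStream("/security.properties")) {
            if (in != null) { props.load(in); }
        }
        return props;
    }

    /** Builds the AES key from the property, falling back to the legacy default. */
    static SecretKeySpec resolveKey(Properties props) {
        String value = props.getProperty(KEY_PROPERTY, "").trim();
        if (value.isEmpty()) {
            System.err.println("WARN: " + KEY_PROPERTY + " not set, using built-in default key");
        }
        // decode() throws IllegalArgumentException on malformed Base64
        byte[] raw = value.isEmpty() ? LEGACY_DEFAULT_KEY : Base64.getDecoder().decode(value);
        if (raw.length != 16 && raw.length != 24 && raw.length != 32) {
            throw new IllegalArgumentException("AES key must be 16, 24 or 32 bytes, got " + raw.length);
        }
        return new SecretKeySpec(raw, "AES");
    }

    /** Fresh random 128-bit key, as a project generator could write per deployment. */
    static String randomKey() {
        byte[] raw = new byte[16];
        new SecureRandom().nextBytes(raw);
        return Base64.getEncoder().encodeToString(raw);
    }

    public static void main(String[] args) throws IOException {
        Properties props = loadSecurityProperties(); // no file on the classpath: fallback path
        System.out.println("fallback key bytes: " + resolveKey(props).getEncoded().length);
        props.setProperty(KEY_PROPERTY, randomKey()); // constructed per-deployment value
        System.out.println("external key bytes: " + resolveKey(props).getEncoded().length);
    }
}
```

The warning on the fallback path matters because a deployment that never sets the property keeps encrypting with a key that is readable in the public source tree.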

            People

            • Assignee: ilgrosso Francesco Chicchiriccò
            • Reporter: ilgrosso Francesco Chicchiriccò